Search in sources :

Example 1 with GroupDAO

use of org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupNameById.

@Override
public boolean getGroupNameById(String groupID, Group group, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
         * isGroupIdEnabled equal to false indicates that the given userstore only support the legacy behaviour. In
         * that case we need to support getting group details from IDN_SCIM_GROUP table.
         */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    String groupName;
    GroupDAO groupDAO = new GroupDAO();
    try {
        groupName = groupDAO.getGroupNameById(tenantId, groupID);
        if (StringUtils.isBlank(groupName)) {
            log.error(String.format("No group found with id: %s in tenant: %s", groupID, tenantId));
            return true;
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group name of " + "group: %s in tenant: %s", groupID, tenantId), e);
    }
    if (group == null) {
        group = new Group(groupID);
    }
    String domainName = UserCoreUtil.extractDomainFromName(groupName);
    group.setGroupName(resolveGroupName(groupName, domainName));
    group.setUserStoreDomain(UserCoreUtil.extractDomainFromName(groupName));
    group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 2 with GroupDAO

use of org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupsListOfUserByUserId.

@Override
public boolean getGroupsListOfUserByUserId(String userId, List<Group> groupList, UserStoreManager userStoreManager) throws UserStoreException {
    if (CollectionUtils.isEmpty(groupList)) {
        // To do filtering in IDN_SCIM_GROUP, we need group names. If the list is empty, we cannot do that.
        return true;
    }
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
         * isGroupIdEnabled equal to false indicates that the given userstore only support the legacy behaviour. In
         * that case we need to support getting group details from IDN_SCIM_GROUP table.
         */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    GroupDAO groupDAO = new GroupDAO();
    for (Group group : groupList) {
        // We need to only provide the group name and group id.
        try {
            group.setGroupID(groupDAO.getGroupIdByName(tenantId, group.getGroupName()));
        } catch (IdentitySCIMException e) {
            throw new UserStoreException(String.format("Error occurred while getting the group id of " + "group: %s in tenant: %s", group.getGroupName(), tenantId), e);
        }
    }
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 3 with GroupDAO

use of org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method getGroupIdByName.

@Override
public boolean getGroupIdByName(String groupName, Group group, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
         * isGroupIdEnabled equal to false indicates that the given userstore only support the legacy behaviour. In
         * that case we need to support getting group details from IDN_SCIM_GROUP table.
         */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug(String.format("Retrieving group with name: %s from tenant: %s", groupName, tenantId));
    }
    String groupId;
    GroupDAO groupDAO = new GroupDAO();
    try {
        groupId = groupDAO.getGroupIdByName(tenantId, groupName);
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group id of " + "group: %s in tenant: %s", groupName, tenantId), e);
    }
    if (StringUtils.isBlank(groupId)) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("No group found with the group name: %s in tenant: %s", groupName, tenantId));
        }
        return true;
    }
    String domainName = UserCoreUtil.extractDomainFromName(groupName);
    if (group == null) {
        group = new Group(groupId);
        group.setGroupName(resolveGroupName(groupName, domainName));
        group.setUserStoreDomain(domainName);
        group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
    } else {
        group.setGroupID(groupId);
    }
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)

Example 4 with GroupDAO

use of org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMGroupResolver method listGroups.

@Override
public boolean listGroups(Condition condition, int limit, int offset, String domain, String sortBy, String sortOrder, List<Group> groupsList, UserStoreManager userStoreManager) throws UserStoreException {
    int tenantId = userStoreManager.getTenantId();
    AbstractUserStoreManager abstractUserStoreManager = ((AbstractUserStoreManager) userStoreManager);
    boolean isGroupIdEnabled = abstractUserStoreManager.isUniqueGroupIdEnabled();
    /*
         * isGroupIdEnabled equal to false indicates that the given userstore only support the legacy behaviour. In
         * that case we need to support getting group details from IDN_SCIM_GROUP table.
         */
    if (isGroupIdEnabled) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("SCIMGroupResolver will not be executed for userstore: %s in " + "tenant %s since group id support is available in the userstore manager", abstractUserStoreManager.getRealmConfiguration().getRealmProperty(PROPERTY_DOMAIN_NAME), tenantId));
        }
        return true;
    }
    /*
         * Following fill be executed for backward compatible userstores. Those userstores did not have multi
         * attribute filtering. Therefore, we do not need to provide support for that.
         */
    if (condition instanceof OperationalCondition) {
        throw new UserStoreException("OperationalCondition filtering is not supported by userstore: " + userStoreManager.getClass());
    }
    ExpressionCondition expressionCondition = (ExpressionCondition) condition;
    String attributeName = resolveGroupAttributeWithSCIMSchema(expressionCondition.getAttributeName(), tenantId);
    String attributeValue = buildSearchAttributeValue(attributeName, expressionCondition.getOperation(), expressionCondition.getAttributeValue(), SQL_FILTERING_DELIMITER);
    GroupDAO groupDAO = new GroupDAO();
    try {
        String[] groupNames = groupDAO.getGroupNameList(attributeName, attributeValue, tenantId, domain);
        if (ArrayUtils.isEmpty(groupNames)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("No groups found for the filter in userstore: %s in tenant: %s", domain, tenantId));
            }
            return true;
        }
        // Get details of the groups.
        for (String groupName : groupNames) {
            Map<String, String> attributes = groupDAO.getSCIMGroupAttributes(tenantId, groupName);
            String groupId = attributes.get(SCIMConstants.CommonSchemaConstants.ID_URI);
            String domainName = UserCoreUtil.extractDomainFromName(groupName);
            Group group = new Group(groupId, resolveGroupName(groupName, domainName));
            for (Map.Entry<String, String> entry : attributes.entrySet()) {
                if (SCIMConstants.CommonSchemaConstants.CREATED_URI.equals(entry.getKey())) {
                    group.setCreatedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI.equals(entry.getKey())) {
                    group.setLastModifiedDate(entry.getValue());
                } else if (SCIMConstants.CommonSchemaConstants.LOCATION_URI.equals(entry.getKey())) {
                    group.setLocation(SCIMCommonUtils.getSCIMGroupURL(groupId));
                }
            }
            group.setDisplayName(UserCoreUtil.removeDomainFromName(groupName));
            group.setUserStoreDomain(domainName);
            groupsList.add(group);
        }
    } catch (IdentitySCIMException e) {
        throw new UserStoreException(String.format("Error occurred while getting the group list in userstore: %s " + "in tenant: %s", domain, tenantId), e);
    }
    return true;
}
Also used : Group(org.wso2.carbon.user.core.common.Group) IdentitySCIMException(org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException) ExpressionCondition(org.wso2.carbon.user.core.model.ExpressionCondition) OperationalCondition(org.wso2.carbon.user.core.model.OperationalCondition) UserStoreException(org.wso2.carbon.user.core.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) Map(java.util.Map)

Example 5 with GroupDAO

use of org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO in project identity-inbound-provisioning-scim2 by wso2-extensions.

the class SCIMUserManager method createSCIMAttributesForSCIMDisabledHybridRoles.

/**
 * Create and add group attributes to the IDN_SCIM_GROUP table for hybrid roles created while SCIM is disabled in
 * the user store.
 *
 * @param scimDisabledHybridRoles List of hybrid roles created while SCIM is disabled in the user store.
 * @throws org.wso2.carbon.user.core.UserStoreException Error in loading user store manager.
 * @throws IdentitySCIMException                        Error in persisting.
 */
private void createSCIMAttributesForSCIMDisabledHybridRoles(List<String> scimDisabledHybridRoles) throws org.wso2.carbon.user.core.UserStoreException, IdentitySCIMException {
    Map<String, Map<String, String>> attributesList = new HashMap<>();
    for (String scimDisabledHybridRole : scimDisabledHybridRoles) {
        Map<String, String> groupAttributes = new HashMap<>();
        String id = UUID.randomUUID().toString();
        groupAttributes.put(SCIMConstants.CommonSchemaConstants.ID_URI, id);
        String createdDate = AttributeUtil.formatDateTime(Instant.now());
        groupAttributes.put(SCIMConstants.CommonSchemaConstants.CREATED_URI, createdDate);
        groupAttributes.put(SCIMConstants.CommonSchemaConstants.LAST_MODIFIED_URI, createdDate);
        groupAttributes.put(SCIMConstants.CommonSchemaConstants.LOCATION_URI, SCIMCommonUtils.getSCIMGroupURL(id));
        attributesList.put(scimDisabledHybridRole, groupAttributes);
    }
    GroupDAO groupDAO = new GroupDAO();
    groupDAO.addSCIMGroupAttributesToSCIMDisabledHybridRoles(carbonUM.getTenantId(), attributesList);
    if (log.isDebugEnabled()) {
        log.debug("Persisted SCIM metadata for hybrid roles created while SCIM is disabled in the user store.");
    }
}
Also used : HashMap(java.util.HashMap) GroupDAO(org.wso2.carbon.identity.scim2.common.DAO.GroupDAO) Map(java.util.Map) HashMap(java.util.HashMap) AbstractMap(java.util.AbstractMap)

Aggregations

GroupDAO (org.wso2.carbon.identity.scim2.common.DAO.GroupDAO)12 IdentitySCIMException (org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException)8 UserStoreException (org.wso2.carbon.user.core.UserStoreException)7 AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)6 Group (org.wso2.carbon.user.core.common.Group)6 Map (java.util.Map)5 HashMap (java.util.HashMap)4 IdentityRoleManagementClientException (org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementClientException)2 GroupDAO (org.wso2.carbon.identity.role.mgt.core.dao.GroupDAO)2 AbstractMap (java.util.AbstractMap)1 ExpressionCondition (org.wso2.carbon.user.core.model.ExpressionCondition)1 OperationalCondition (org.wso2.carbon.user.core.model.OperationalCondition)1 CharonException (org.wso2.charon3.core.exceptions.CharonException)1